Friday, September 28, 2018

One of the critical steps in performing your network forensics analysis is being able to generate a visual of what transpired. This visual gives you a graphical representation of a threat actor's TTPs.

Below is an example of mapping a threat actor's TTPs from my upcoming book. The graphic represents the activity performed on a Windows 10 host with an ultimate pivot (lateral movement) to a Windows XP host on another subnet. Note that this all started via a spear-phishing attack. All it took was one click and it's game over.

[Figure] Map of the threat actor's Tools, Techniques and Procedures (TTPs), providing Nakia with the necessary intelligence into how this Threat Actor operated, including its lateral movement from the compromised Windows 10 machine to a Windows XP device isolated from the internet.

If you like this mapping of the TTPs, prepare to grab a copy of the book from your favourite seller to learn more about how you can build your own.

You can download the pre-publication sample chapters here while you wait for the published version.

Below is a list of threat intelligence websites that you can use. Cymon.io is an excellent one, as it searches around 200 different sources. If you're looking for a more exhaustive list of threat intel sites, check out https://github.com/rshipp/awesome-malware-analysis.